IT591-3: Apply auditing processes within a technical scenario.

Unit 4 Assignment Dropbox

Hide Assignment InformationTurnitin™This assignment will be submitted to Turnitin™.Hide RubricsRubric Name: IT591 Unit 4 Assignment RubricPrintCriterion 1Level III Max Points65 pointsLevel II Max Points55.25 pointsLevel I Max Points45.5 pointsNot Present0 pointsCriterion ScoreHIPAA AssessmentMeets all criteria:Identifies and fully lists and describes at least 10 administrative questions from the SRA tool that are relevant to this particular case.Discusses at least five identified threats or vulnerabilities and discuss the likelihood and overall impact of each of these vulnerabilities in a probability impact table.Describes one or more safeguards that could be implemented against each selected threat/vulnerability.Discusses how difficult and costly completing this assessment might be for the small medical practice described in this case and recommends possible solutions to make this assessment process possible for this small practice.Meets three criteria:Identifies and fully lists and describes at least 10 administrative questions from the SRA tool that are relevant to this particular case.Discusses at least five identified threats or vulnerabilities and discuss the likelihood and overall impact of each of these vulnerabilities in a probability impact table.Describes one or more safeguards that could be implemented against each selected threat/vulnerability.Discusses how difficult and costly completing this assessment might be for the small medical practice described in this case and recommends possible solutions to make this assessment process possible for this small practice.Meets one or two criteria:Identifies and fully lists and describes at least 10 administrative questions from the SRA tool that are relevant to this particular case.Discusses at least five identified threats or vulnerabilities and discuss the likelihood and overall impact of each of these vulnerabilities in a probability impact table.Describes one or more safeguards that could be implemented against each selected threat/vulnerability.Discusses how difficult and costly completing this assessment might be for the small medical practice described in this case and recommends possible solutions to make this assessment process possible for this small practice.Does not meet any criteria.Score of HIPAA Assessment,/ 65Criterion 2Level III Max Points10 pointsLevel II Max Points8.5 pointsLevel I Max Points7 pointsNot Present0 pointsCriterion ScoreAPA Style and Writing ConventionsMeets all criteria:Applies current APA style to in-text citations and references, and document formatting if appropriate, with minor to no errors.Writing is focused, concise, and organized and articulates at a college level, with minor to no errors.Uses resources from reliable and/or scholarly sources.Meets two criteria:Applies current APA style to in-text citations and references, and document formatting if appropriate, with minor to no errors.Writing is focused, concise, and organized and articulates at a college level, with minor to no errors.Uses resources from reliable and/or scholarly sources.Meets one criterion:Applies current APA style to in-text citations and references, and document formatting if appropriate, with minor to no errors.Writing is focused, concise, and organized and articulates at a college level, with minor to no errors.Uses resources from reliable and/or scholarly sources.Does not meet any criteria.Score of APA Style and Writing Conventions,/ 10TotalScore of IT591 Unit 4 Assignment Rubric,/ 75Overall ScoreLevel III63.76 points minimumLevel II52.51 points minimumLevel I1 point minimumNot Present0 points minimumRubric Name: IT591_2208E_-3PrintCriteriaMastery5 pointsProficient4 pointsPracticed3 pointsEmergent2 pointsIntroductory1 pointNo Progress0 pointsCriterion ScoreIT591_2208E_-3: Apply auditing processes within a technical scenario.Student work indicates the ability to apply auditing processes within a technical scenario and use the knowledge gained to complete all of the assignment successfully.Student work indicates the ability to apply auditing processes within a technical scenario and use the knowledge gained to complete most of the assignment successfully.Student work indicates the ability to apply auditing processes within a technical scenario and use the knowledge gained to complete more than half of the assignment successfully.Student work indicates some ability to apply auditing processes within a technical scenario and use the knowledge gained to successfully complete some but less than half of the assignment.Student work indicates little ability to apply auditing processes within a technical scenario.Student work demonstrates no understanding or progress towards achievement of this outcome.Score of IT591_2208E_-3: Apply auditing processes within a technical scenario.,/ 5TotalScore of IT591_2208E_-3,/ 5Overall Score5: Mastery4.5 points minimum4: Proficient3.5 points minimum3: Practiced2.5 points minimum2: Emergent1.5 points minimum1: Introductory0.5 points minimum0: No Progress0 points minimumAssociated Learning OutcomesIT591_2208E_-3Assessment Method: Overall Rubric ScoreRequired Performance: 0: No ProgressSubmit Assignment(0) file(s) uploaded to submitAfter uploading your file(s), you must click Submit button below to complete the submission…Add a FileREADING AND RESOURCESThis week’s readings introduce you to another standard, HIPAA, related to the healthcare industry, and will provide you with an introduction to online tools to complete a Security Risk Assessment related to HIPAA audits. Your reading also discusses the identification and design of administrative, people, logical access, network, technical, physical, and response controls.You can access the texts below by navigating to More Tools, selecting Library, then choosing Required Readings.Read the following articles:Health Information ConfidentialityHealth information confidentiality (2022, May/June). Healthcare Executive, 37(3), 74–77.Information Technology Audit Quality: An Investigation of the Impact of Individual and Organizational FactorsKudyba, S. P. (2021, Spring). Information technology audit quality: An investigation of the impact of individual and organizational factors. Journal of Information Systems, 35(1), 135–154. Read the following chapters:Healthcare Informatics: Strategies for the Digital Era Book JacketChapter 3: “Electronic Health Information, Healthcare System Interoperability, Mobile Health, and the Formation of a Community of Health and Wellness”Chapter 4: “Risk Management in Healthcare”ASSIGNMENT DETAILSUnit 4 Assignment: Preparing for a HIPAA AuditOutcomes addressed in this activity:Unit Outcomes:Define administrative, technical, and physical safeguards for HIPAA.Apply administrative, technical, and physical safeguards in a case scenario.Examine an audit process.Apply a checklist to prepare for an audit in a real-world scenario.Course Outcome:IT591-3: Apply auditing processes within a technical scenario.PurposeIn this assignment, you will be provided a scenario in which you need to prepare for a HIPAA audit using materials found on the healthIT.gov website and using a government provided online or downloadable tool to perform a risk assessment.Assignment InstructionsYou are the IT and Security Manager for a small five-physician medical practice that uses electronic medical records (EMR) but has never performed a HIPAA security risk assessment. You need to prepare for the upcoming HIPAA Audit, and the healthIT.gov site recommends performing a security risk assessment using their Security Risk Assessment (SRA) tool (downloadable or paper).Based on the scenario above, review the questions in the Administrative Safeguards portion of the tool. This private practice has many written policies, but the policies are often not updated, and training of new personnel on HIPAA requirements is a bit haphazard and not well coordinated. The practice does not have a formally appointed security contact, although the office general manager is the one that most people go to. The one-person IT professional tries to protect the patient’s information and access to that information as best that is possible, but people that leave the organization are often not immediately removed from having that access. Physical access to the building does require a key card access, but the building entrance is not monitored by cameras or the need to sign in. The company has not formally documented and mapped relevant business associates and has not secured business associate agreements related to patient information security. Although the receptionist area has a high counter, and patients typically cannot see the receptionist’s computer screen, patients are able to hear the phone conversations in the receptionist area. Access to the medical records is password protected but not encrypted, and not all computer screens have automatic lock when the screens are idle.Identify at least 10 Administrative Safeguard questions from the tool that you think are particularly relevant to this organization. Identify each by number and the specific wording of the question.Discuss at least five identified threats or vulnerabilities and discuss the likelihood and overall impact of each of these vulnerabilities in a table like the one below for each threat/vulnerability (you should have five tables).LikelihoodImpactLowMediumHighLowLow RiskLow RiskLow RiskMediumLow RiskMedium RiskMedium RiskHighLow RiskMedium RiskHigh RiskFor each threat/vulnerability, describe one or more safeguards that could be implemented against the threat/vulnerability. Suggested safeguards can be found in the SRA tool.Write a summary that discusses what you learned by participating in this exercise. Discuss how difficult and costly completing this assessment might be for the small medical practice described in this case. Recommend possible solutions to make this assessment process possible for this small practice.Assignment Requirements5–6 pages of content (exclusive of cover sheet and references page), using Times New Roman font style, 12 point, double-spaced, using correct APA formatting, and include a cover sheet, table of contents, abstract, and reference page(s)At least 1 credible source cited and referencedNo spelling errorsNo grammar errorsNo APA errorsFor more information on APA formatting and citation style, refer to the resources in the Academic Tools area of this course. Also review the university policy on plagiarism. If you have any questions, please contact your professor.Directions for Submitting Your AssignmentName your assignment document according to this convention: YourLastName_IT591_Unit4.Submit your completed assignment to the Unit 4 Dropbox by the deadline.Review the rubric before beginning this activity.